Episode575

From Paul's Security Weekly

Paul's Security Weekly #575

Recorded September 13, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Carlos Perez
    is currently the Principal Consultant, Team Lead for Research at TrustedSec.
  • Announcements

    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
    • DerbyCon is holding its first-ever Mental Health & Wellness Workshop - to help support their efforts, please go to DerbyCon.com/wellness
    • Join us for our Webcast with LogRhythm about "Tips & Tricks for Defending the Enterprise Using Open Source Tools". The webcast will be held September 27 @3:00PM EST!

    Interview: Brian Coulson, LogRhythm - 6:00-6:45PM

    Brian Coulson
    is the Threat Research Sr Engineer at LogRhythm.
    Brian Coulson is a Senior Security Research Engineer in the Threat Research Group of LogRhythm Labs in Boulder, CO. His primary focus is the Threat Detection Modules, such as UEBA and NTBA. He also focuses on emerging threat trends and on determining what can be derived from attacks to produce hardening guidance and detections for analysts and incident responders.

    Previously, he worked as a Lead Information Security Engineer at the largest commercial imaging satellite company in the United States where he was focused on incident response.


    Tech Segment: Eyal Neemany, Bypassing PAM - 6:50PM-7:25PM

    Eyal Neemany
    Sr. Cyber Security Researcher at Javelin-Networks
    Former Head of Israeli Air Force CERT & Forensics Team, Senior Security Researcher at Javelin Networks.

    * Eyal's Slides for Bypassing PAM - File:PIMPAMPOM.pdf (To Open: Click File and then click the Adobe logo)


    Security News - 7:30-8:00PM

    Paul's Stories

    1. Microsoft accidentally let encrypted Windows 10 out into the world
    2. Kernel exploit discovered in macOS Webroot SecureAnywhere antivirus software | ZDNet
    3. US carriers introduce Project Verify to replace individual app passwords
    4. Is hiring a hacker ever a good idea? | ZDNet
    5. Neil deGrasse Tyson on Elon Musk: Let the Man Get High
    6. Postmortem: Multiple Failures Behind the Equifax Breach
    7. Whisky business: Uni of Edinburgh servers Irn-Scru'd by cyber-attack
    8. PowerShell Obfuscation Ups the Ante on Antivirus
    9. Google Outlines Incident Response Process for Cloud Customers
    10. Identity and Access Management Market to grow at 10%+ CAGR from 2018 to 2024
    11. Veeam leaves MongoDB database wide open, exposes 445m records
    12. Bomgar Buys BeyondTrust
    13. eSentire Launches Integrated MDR and SIEM Platform for Full Threat Visibility and Rapid Response
    14. two-open-source-alternatives-flash-player
    15. U.S. to Charge North Korean Spy Over WannaCry and Sony Pictures Hack

    Larry's Stories

    1. I'm in security, and it sucks. I love it.
    2. the US has some cyber work to do....
    3. implementation of badusb: USB Ninja
    4. Low cost rubber ducky!
    5. stealing a Tesla by cloning the key fob
    6. Ooops, video conference fail

    Jeff's Stories

    1. British Airways Breach Caused by Credit Card Skimming Malware
    2. It took hackers just 22 lines of code to steal British Airways’ customer data
    3. The most popular "privacy" tool in Apple's Mac App Store was stealing users' browsing history and sending it to China
    4. Feedify Becomes Latest Victim of the Magecart Malware Campaign
    5. Banking Trojans and Shady Apps Galore In Google Play